Netgate Discussion Forum

    IPv4 like NAT but over IPv6

    • schrotti12

      Hello,
      I think I'm going nuts about this. Following scenario:
      With the latest Windows 10 versions I have to switch to IPv6 but I can't get it running. I have a private internet connection with very limited configuration possibilities and a dynamic public address and therefore also a dynamic public IPv6 /56 prefix. But I have an Active Directory running in my LAN and this needs static addressing. I am running a pfSense firewall and thought of using it like with IPv4, which should be possible in my understanding. So I wanted to create a private subnet (fd05:2017:40d0:4458::/64) and use the internal DHCPv6 server to tell my clients where to find the Active Directory Domain Controller and Bind DNS server (static address: fd05:2017:40d0:4458::2). In my understanding the LAN address of pfSense (fd05:2017:40d0:4458::1) should be configured as gateway. But there is no option in the DHCPv6 server configuration dialogue. Hm ...
      Is it really not possible to create a classic NAT setup and do I have to make all my clients in my PRIVATE! LAN publicly accessible?! Or am I getting something wrong here? Help would be appreciated. Thanks.

      Kind regards
      Andreas

      • johnpoz LAYER 8 Global Moderator

        @schrotti12 said in IPv4 like NAT but over IPv6:

        With the latest Windows 10 versions I have to switch to IPv6

        Huh?? Sorry but you must be misreading something... There is NOTHING in windows that "requires" ipv6

        Please link to what you are reading that states ipv6 is required..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • JKnott @johnpoz

          @johnpoz said in IPv4 like NAT but over IPv6:

          There is NOTHING in windows that "requires" ipv6

          HomeGroup networks work over IPv6 only.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          • johnpoz LAYER 8 Global Moderator

            That is not something new in latest windows 10 update... And NOBODY should be using that shit anyway. And it only needs link local.

            And it was REMOVED anyway - which is one of the few things MS is doing right ;)
            https://support.microsoft.com/en-us/help/4091368/windows-10-homegroup-removed

            And he stated he was running AD anyway - so clearly not homegroups

            But I have a active directory running in my LAN

            • redstonemason

              A bit off topic... Sorry for the abuse. I have found your advice on IPv6 on Rogers to be a lifesaver. Where should I post some interesting findings regarding 10 to 12 minute delays connecting to ubuntu repo and "nest", yeah the thermostat company.. I have a theory...

              • johnpoz LAYER 8 Global Moderator

                Do you feel it has something to do with pfsense or just ipv6 in general? If somehow related to pfsense then ipv6 section, if just ipv6 in general then the general section prob better.

                Who are you directing you found advice on Rogers to? But I have ubuntu with ipv6 and I run nest thermo and protect.. But there is no IPv6 enabled on their vlan..

                • redstonemason @johnpoz

                  Thanks for the quick response. I was directing it to JKnott as he seems very familiar with Rogers here in Canada.

                  • redstonemason @redstonemason

                    I feel that this is not a pfsense issue but more a rogers issue. But when I removed/deleted/scrubbed/erased/disabled (well you folks know what I mean) the dhcp6 gateway then the slowdown connecting to the ubuntu repository and the Nest hosts went away.

                    • schrotti12

                      Good evening,
                      my problem is that if I have my network running with IPv4, my Samba4/AD controller is found without any problems, because my DHCP server tells the clients how to find the server (Primary DNS server). But for full functionality (i.e. Edge does not work anymore, when IPv6 is disabled) I have to enable IPv6 and then my internal DHCP server is not used anymore and my clients get a public IPv6 address from my provider. The problem here is that my provider tells my internal clients his DNS server. But I need my internal Bind DNS server (because of AD ...). Therefore I have to block the external DHCP server and use my internal one, but it is not used. I can activate whatever I want, my internal clients do not get an address from the local subnet (fd05:2017:40d0:4458::/64) but from my provider which is ... slightly ... annoying. Without that, my Win10Pro clients are in a "Public network" instead of a "Domain network" ...
                      I hope I could describe my problem.
                      Thanks and good bye
                      Andreas

                      • johnpoz LAYER 8 Global Moderator @schrotti12

                        @schrotti12 said in IPv4 like NAT but over IPv6:

                        Edge does not work anymore, when IPv6 is disabled

                        Nonsense... Using Edge right now with NO IPv6... If what you're saying is true the millions, if not tens of millions of users that have NO ipv6 wouldn't be able to use Edge..

                        • JKnott

                          @johnpoz said in IPv4 like NAT but over IPv6:

                          Nonsense... Using Edge right now with NO IPv6... If what you're saying is true the millions, if not tens of millions of users that have NO ipv6 wouldn't be able to use Edge..

                          There was something in the news recently about something that fails with Edge, but doesn't affect other browsers. I don't recall the details though.

                          • JKnott @redstonemason

                            @redstonemason said in IPv4 like NAT but over IPv6:

                            I feel that this is not a pfsense issue but more a rogers issue. But when I removed/deleted/scrubbed/erased/disabled (well you folks know what I mean) the dhcp6 gateway then the slowdown connecting to the ubuntu repository and the Nest hosts went away.

                            I haven't experienced anything like that. However, I use openSUSE and am not that familiar with Ubuntu.

                            • johnpoz LAYER 8 Global Moderator

                              The only thing I recall recently about MS and Edge was the nonsense about win 10 warning you to not install firefox or chrome ;)

                              I have ipv6 completely turned off on this box.. It has NO ipv6 enabled

                              C:\>ipconfig /all
                              
                              Windows IP Configuration
                              
                                 Host Name . . . . . . . . . . . . : i5-win
                                 Primary Dns Suffix  . . . . . . . : local.lan
                                 Node Type . . . . . . . . . . . . : Broadcast
                                 IP Routing Enabled. . . . . . . . : No
                                 WINS Proxy Enabled. . . . . . . . : No
                                 DNS Suffix Search List. . . . . . : local.lan
                              
                              Ethernet adapter Ethernet:
                              
                                 Connection-specific DNS Suffix  . :
                                 Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
                                 Physical Address. . . . . . . . . : 00-13-3B-2F-67-62
                                 DHCP Enabled. . . . . . . . . . . : No
                                 Autoconfiguration Enabled . . . . : Yes
                                 IPv4 Address. . . . . . . . . . . : 192.168.9.100(Preferred)
                                 Subnet Mask . . . . . . . . . . . : 255.255.255.0
                                 Default Gateway . . . . . . . . . : 192.168.9.253
                                 DNS Servers . . . . . . . . . . . : 192.168.3.10
                                 NetBIOS over Tcpip. . . . . . . . : Disabled
                              
                              C:\>
                              

                              And Edge works just fine...

                              [screenshot: bing.png]

                              • schrotti12

                                Well, I can only tell that if I have my settings like this:
                                [screenshot]
                                Edge tells me
                                [screenshot]
                                And if I enable IPv6, Edge works:
                                [screenshot]
                                I don't know why this is and I hate it and I did not want to start a discussion about Windows, Microsoft or IPv6 in general but I just wanted to know if it is possible to keep my network private without making all machines reachable from the Internet and how to configure the whole thing so that my AD controller is still findable and reachable.

                                • johnpoz LAYER 8 Global Moderator

                                  Setting your devices to use a ULA would not allow them to use IPv6 to get to the internet..

                                  You know that just unbinding ipv6 doesn't kill off any of the transition shit MS enables by default, ie teredo, isatap, 6to4 etc.. If Windows "thinks" it has a viable ipv6 address it will try to use that.. What does an ipconfig /all show when you unbind ipv6 from your interface?

                                  When IPv6 doesn't work the browser, be it edge, firefox or chrome, should at some point switch to IPv4 but it can take time for it to switch over and yeah can cause issues. Why to be honest it's almost best to disable it completely if you're not going to actually use it as intended.. Where your clients have a gua address to use.

                                  Administration of IPv6 does complicate things quite a bit, especially in AD.. Let alone firewall rules, identification of machines, etc. etc.

                                  You can disable ipv6 on your win10 machines easy with reg entry or even push it out with a group policy, etc.

                                  BTW the gateway in IPv6 is not handed out via dhcpv6, it's found out by the client via RA..

                                  1 Reply Last reply Reply Quote 0
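
The point about Router Advertisements in the post above, as an added example that is not part of the original thread: a Python parser for one RA (RFC 4861, with the RDNSS option from RFC 8106) showing which fields carry the default gateway, the DHCPv6 flags and the DNS server. The packet bytes, the `fe80::1` source address and the function names are constructed for illustration; the ULA prefix and DNS address are the ones from the first post.

```python
import ipaddress
import struct

def build_sample_ra():
    """Constructed RA body (ICMPv6 type 134); all values are sample data."""
    # hop limit 64, flags M|O set, router lifetime 1800 s
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x80 | 0x40, 1800, 0, 0)
    # Prefix Information option: /64, on-link (L) set, autonomous (A) clear
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0x80, 86400, 14400, 0)
    pio += ipaddress.IPv6Address("fd05:2017:40d0:4458::").packed
    # RDNSS option with one resolver
    rdnss = struct.pack("!BBHI", 25, 3, 0, 1800)
    rdnss += ipaddress.IPv6Address("fd05:2017:40d0:4458::2").packed
    return hdr + pio + rdnss

def parse_ra(data, src):
    """Return what a host learns from one RA that arrived from address src."""
    if len(data) < 16 or data[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags, lifetime = struct.unpack("!BH", data[5:8])
    info = {"default_router": src if lifetime > 0 else None,
            "managed": bool(flags & 0x80),       # M: addresses via DHCPv6
            "other_config": bool(flags & 0x40),  # O: other settings via DHCPv6
            "prefixes": [], "dns": []}
    pos = 16
    while pos + 2 <= len(data):
        otype, olen = data[pos], data[pos + 1] * 8  # length is in 8-byte units
        if olen == 0 or pos + olen > len(data):
            raise ValueError("malformed option")
        body = data[pos:pos + olen]
        if otype == 3 and olen == 32:
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            info["prefixes"].append({"prefix": str(net),
                                     "on_link": bool(body[3] & 0x80),
                                     "slaac": bool(body[3] & 0x40)})
        elif otype == 25 and olen >= 24 and (olen - 8) % 16 == 0:
            info["dns"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                            for i in range(8, olen, 16)]
        pos += olen
    return info

if __name__ == "__main__":
    # fe80::1 is a constructed link-local source address for the sample RA
    print(parse_ra(build_sample_ra(), "fe80::1"))
```

The default router is the RA's source address, reported only while the router lifetime is non-zero; no field of the message itself names a gateway.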
                                  • schrotti12

                                    Hi!
                                    When deactivating IPv6 in Windows there is no IPv6 address on the interface anymore.
                                    Thanks for the hint with the RAs. I have to dig more into the topic. I watched my prefix the last few days and it did not change. Maybe I have to set up IPv6 statically on my servers with the dynamic prefix and configure the DNS server accordingly.
                                    Some problems came up with node or better npm not finding the repository because it was not resolvable on a Debian machine.
                                    I'll take some time to do this and post the result here.
                                    Thanks for the help!
